Cyber security threats are becoming increasingly serious by the day. It is imperative not only to adopt security technologies but to ensure the authenticity of data used, systems, and people. Fujitsu has introduced state-of-the-art technologies that are able to achieve trust and creativity in the digital age at Fujitsu Insight 2018, a security-themed conference held on December 4, 2018.
[Fujitsu Insight 2018 Security Seminar Report]
Fujitsu's Initiatives on Cutting-Edge Cyber Security Technologies in the Digital Age
The seminar began with Fujitsu's Junichi Iijima introducing the company's initiatives on cyber security measures.
Head of the Cyber Security Business Strategy Unit
The global GDP is approximately eight quadrillion yen (72.4 trillion U.S. dollars), while the total net income of all companies worldwide is approximately 400 trillion yen (3.62 trillion U.S. dollars). Meanwhile, cyber attacks caused approximately 60 trillion yen (543 million U.S. dollars) of damage: the majority of damage inflicted on humanity today is attributed to cyber attacks. New attacks are developed daily, making it difficult for a single company to defend itself alone. Fujitsu is working to protect this digital society in which companies operate and people live by incorporating external technologies from security vendors and combining them with our core technology.
Co-creation with security institutions and companies is required
The Cyber Security Business Strategy Unit and Security Research Laboratory operate in an integrated manner within the Fujitsu group. Specifically, the heads of both organizations hold a strategic cooperation meeting quarterly and agree on strategies and tasks to entrust to each other.
In addition, two organizations promote mutual human resource exchanges. Technologies developed by the Laboratory are incorporated into Fujitsu's security services to offer them to customers. Fujitsu does not merely develop technologies; it pursues technologies for human development.
Trust and Creativity: The Key to the Digital Age
Next to present in the seminar was Hiroshi Tsuda of Fujitsu Laboratories Ltd., who described the Fujitsu group's R&D on security technologies.
Head of the Security Research Laboratory
Fujitsu Laboratories Ltd.
Today's first keyword is trust. I will explain what shape trust will transform into in the digital age and how society will change in terms of trust from the viewpoints of data, systems, and people as well as research on this topic.
In 1976, Fujitsu introduced the catchphrase, "Fujitsu: Reliability and Creativity." At that time, this "reliability" was associated with the robustness and precision of products that Fujitsu made.
In the digital age, what matters most is shifting from reliability to trust relationships between the company and others. As cyber attacks occur daily, focus is placed not only on trust in products but also on trust in data, systems, and people.
The second keyword is creativity. In the digital age, when everyone and everything is connected as data to be utilized, Co-Creation, or initiatives to create value along with customers, is more important than working alone. Based on this idea, it is safe to say that security is an important technology for supporting trust and co-creation.
Trust is divided into three phases. Trust 1.0 refers to local, interpersonal relationships. Taking money as an example, this corresponds to shells that began to serve as currency in the age of barter. Trust 2.0 is based on organizations' systems and contracts. This is analogous to the currencies that nations issue. Trust 3.0 is created by digital technologies such as a virtual currency generated based on blockchain, such as Bitcoin. This "trust" is created solely by technology, and is not reliant on any nation. In future digital business, security technology is of paramount importance to create such trust.
The Importance of Trust in Data: Data Terrorism Will Occur Sooner or Later
Fujitsu Laboratories is working to devise ways to defend, protect, and guarantee trust in people, data, and systems. I will now introduce case studies on trust in data, systems, and people in turn.
Let's start with trust in data. The point to consider is the types of data to protect, such as personal data or confidential data, are certainly defined in guidelines and laws. With regard to cyber attack countermeasures, what today's society demands is to be sure to protect only what should be protected.
In addition, consideration must be given to AI and security. With bad training data, AI will provide incorrect answers. "Data terrorism" that targets this characteristic of AI will definitely occur. How to protect data to train AI is a new theme to tackle now. Similarly, the security of blockchain, a technology whose applications are expanding from financial to non-financial areas, is another important matter.
Among all types of data, personal data has been called the new "oil" in the 21st century. This idea was presented at World Economic Forum 2011 and refers to the concept that oil can be a source of various industries. When personal data is considered oil, for example, transporting or carrying it from one country to another will be restricted. Such restrictions are imposed by the EU General Data Protection Regulation (GDPR) and China's cyber security law. Japan is finally catching up with the west in data control legislation.
Managing Data Histories with Data Trust and Blockchain Technology
Going forward, what measures should we take to ensure trust in data? Fujitsu has developed a technology that enables companies that want to use AI and data to confirm how specific pieces of AI training data were created. This technology, announced in September 2018, is named Chain Data Lineage.
Chain Data Lineage improves trust in data distribution across industries and sectors.（Japanese）
When thinking about trust in data, attention should be paid to its history. Data will become more and more like products in supply chains: there is raw data, which is in turn processed to add other data. The idea of Chain Data Lineage is to use an immutable blockchain to manage all information on who made modifications to data at which timings throughout such a process.
In addition, some data (e.g., personal data) requires users' consent to be shared by third parties. Fujitsu has also devised a mechanism to recognize such data and to automatically refuse provision without users' consent.
Trust in Systems: High-Speed Analysis of Attack Logs
Trust in systems can be achieved with a technology known as high-speed forensics. Forensics is a technology for checking the logs of hard drives and other devices as well as to analyze how crimes are committed.
Cyber attacks, especially targeted cyber attacks, require sending malware, infecting targets, intruding from the outside, and searching the inside for important data to steal. High-speed forensics can reveal modi operandi, or proof of attacks and what attackers did, by keeping audit logs and analyzing operation commands. Its advantage is speed: a conventional method takes about three months to analyze server logs in a targeted attack incident, whereas high-speed forensics can conduct such investigations and analysis within an hour or so. This is also an example of joint research and co-creation with the National Institute of Information and Communications Technology, a research institute of Japan's Ministry of Internal Affairs and Communications.
In addition, an AI technology to represent attackers' activities as graph data to learn from is also applied. This malware analysis uses Deep Tensor®, Fujitsu's AI technology. Using Deep Tensor® to train AI with graph data, a type of data that previously people used for judgment because conventional AI implementations have trouble handling it, facilitates highly accurate analysis and detection. In an example using open data, the achieved accuracy was as high as 97%. Fujitsu plans to automate incident management as much as possible by integrating this technology in the future.
Trust in People: The Increasing Importance of Identity Management
The last topic is people. Identity management, including identity authentication, is becoming more important. Japan, too, is facing a cashless era, a time when focus is being placed on identity verification.
That said, biometric authentication for logging in to smartphones and PCs merely identifies the owners of such devices. In the coming era, biometric authentication technology that identifies the true owner from among tens of thousands of people will be required.
Fujitsu's palm vein authentication and fingerprint authentication technologies can identify the true owner from about 10,000 people, but what can be done to raise this number? The answer is biometric authentication with multiple options that, when needed, use them in combination—for example, users' fingerprints and veins instead of the customary face authentication. In our case, we selected a combination of face and vein authentication. Integration of these two technologies enabled hands-free payments for one million users.
Hands-Free Easy Payment based on face and palm vein authentication（Japanese）
Expanding the Circle of Trust in Cyberspace
The preconditions to manage cyber security risks are discovering incidents, collecting data, and visualizing such data. This management cycle is supported by three elements: correct data, healthy IT infrastructure (systems), and an appropriate scope of sharing (people). The Fujitsu group is working with our customers to expand and protect the circle of trust in order to maintain a healthy environment to make use of cyberspace.
Head of the Cyber Security Business Strategy Unit, Fujitsu Limited
Head of the Security Research Laboratory, Fujitsu Laboratories Ltd.